CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy verison 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=4940) PSIRT Advisories**

**FortiOS & FortiProxy -- Path traversal vulnerability**

**Summary**

A relative path traversal \[CWE-23\] vulnerabiltiy in FortiOS and FortiProxy may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page.

**Affected Products**

FortiGate versions 7.0.1 and 7.0.0.  
FortiGate versions 6.2.x, 6.4.x are NOT impacted by this vulnerability.

FortiProxy version 7.0.0.

**Solutions**

Please upgrade to FortiGate version 7.0.2 or above.  
Please upgrade to FortiProxy version 7.0.1 or above.

**Acknowledgement**

Fortinet is pleased to thank Mohammed Eldeeb from Spark Engineering Consultants for reporting this vulnerability under responsible disclosure.

Headline

CVE-2021-41024: Fortiguard

CVE: Latest News